Using Backup Tape as an Archive with Today’s Data Governance Requirements


Backup tapes have always provided a reliable and cost effective backup and data preservation solution. Even for those users who are backing up to disk, tapes have provided a cost-effective replication target. As a result, organizations have amassed stockpiles of legacy tapes in offsite storage vaults that have long outlived their disaster recovery usefulness. These tapes often represent the only copy of sensitive files and documents required to support legal and compliance requirements. These tapes are your corporate legacy data archive.

This paper will discuss a new approach towards managing and archiving legacy data in the cloud that is not only cost effective, but will help support today’s more challenging data governance requirements.

Tape Was Never Designed to be an Archive

Tape is a low cost, portable media which can be used to preserve data in support of disaster recovery. Continue Reading…

Confessions of a Data Hoarder

You can overcome your data hoarding addiction.The first step is Honesty. Admit that you are powerless over your addiction, and that your life has become unmanageable.

So go ahead, step up to the mic, introduce yourself, and say these words…” I am a data hoarder”. You simply cannot bring yourself to delete your redundant, out of date, and trivial data. You continue to store it, back it up, archive it, waste your company’s money and contribute to its out of control IT budget and escalating legal liability. Continue Reading…

Putting a price on undue burden – $136,000 isn’t big enough

Three things we can learn from Guardiola v. Renown Health

1. $136,000 to restore and review email from backup tapes is not enough to show “undue burden.”

2. Organizations must bear some responsibility for using a backup solution that did not maintain data in an indexed or searchable manner.

3. Restoration of legacy tape data is “technologically feasible” when bringing in a third-party vendor, alleviating the burden of in-house production.

Read more about the case here

Discover how to avoid a $136,000 eDiscovery bill here

EMC and Index Engines Partner for Backup Migration

If you would like to take advantage of EMC best-of-breed backup solutions including Networker, Avamar and Data Domain, but feel locked in your current provider because you’re using old backups for long-term retention, Index Engines has the solution.

Index Engines has partnered with EMC to help clients migrate to a new backup solution, but still maintain access to the legacy data without the need for the original software. Additionally, Index Engines takes advantage of EMC’s ECS cloud storage to migrate data of value from tape to cloud, enabling clients to go tapeless and eliminate tape as a LTR strategy.

Benefits of the solution include:

– Freedom to move to EMC backup solution.
– Retire non-production backup software and infrastructure.
– Use cloud for LTR and apply retention to data.
– Go tapeless, recoup offsite storage fees.
– Manage risk and liability hidden in legacy data

See how:

Webinar Thursday: Achieving Data Governance

People, Process & Technology: Simple Steps to Achieve Information Governance

Before developing a sound information governance policy, there needs to be an understanding of what exists, where it exist, how many exist and why it exists.

Only then can legal and IT work together to build policy and confidently and defensibly manage the massive amounts of data within an organization.

Discover how to unify data governance goals between departments and develop policy that supports a compliant, secure corporate data in this webinar from Jordan Lawrence and Index Engines.

10 User Data Projects Not to Leave Off the Schedule in 2016

With budgets tightening – often to pay for storage costs – data center managers are struggling to find the highest impact projects that will see an immediate ROI.

While there’s no one project that will reclaim all of the unstructured data rotting away in the data center, there are 10 crucial data projects not to leave off the schedule in 2016.

– Clean up abandoned data and reclaim capacity: When employees leave the organization, their files and email languish on networks and servers. With the owner no longer available to manage and maintain the content, it remains abandoned and clogs up corporate servers. Data centers must manage this abandoned data to avoid losing any valuable content and to reclaim capacity.

– Migrate aged data to cheaper storage tiers: As data ages on the network it can become less valuable. Storing data that has not been accessed in three years or longer is a waste of budget. Migrate this data to less expensive storage platforms. Aged data can represent between 40% and 70% of current server capacity.

– Implement accurate chargebacks based on metadata profiles and Active Directory ownership: Chargebacks enable data centers to recoup storage expenses and work with the departments to develop a more meaningful data policy including purging of what they no longer require.

– Defensively remediate legacy backup tapes and recoup offsite storage expenses: Old backup tapes that have piled up in offsite storage are a big line item on your annual budget. Using unstructured data profiling technology these tapes can be scanned, without the need of the original backup software, and a metadata index of the contents generated. Using this metadata, profile relevant content and extract needed content so the tapes can be defensibly remediated, reclaiming offsite storage expenses.

– Purge redundant and outdated files to free-up storage: Network servers can easily be comprised of 35 – 45% duplicate content. This content builds over time and results in wasted storage capacity. Once duplicates are identified, a policy can be implemented to purge what is no longer required such as redundant files that have not been accessed in over three years, or those owned by ex-employees.

– Audit and remove personal multimedia content (ie. music, video) from user shares: User shares become a repository of not only aged and abandoned files, but personal music, photo and video content that have no value to the business and in fact may be a liability. Once this data is classified reports can be generated showing the top 50 owners of this content, total capacity and location. This information can be used to set and enforce quotas and work with the data owners to clean up the content and reclaim capacity.

– Profile and move data to the cloud: Many data centers have cloud initiatives where aged and less useful business data is migrated to more cost-effective hosted storage. Finding the data and on-ramping it to the cloud ,however ,is a challenge of you lack understanding of your data: who owns it, when it was last accessed, types of files, etc.

– Archive sensitive content and support eDiscovery more cost effectively: Legal and compliance requests for user files and email can be disruptive and time consuming. Finding the relevant content and extracting it in a defensible manner are the key challenges. Streamlining access to critical data so you can respond to legal requests quicker not only lessens their time burden but saves you time and money during location efforts.

– Audit and secure PII to control risk: Users don’t always abide by corporate data policies. Sharing sensitive information containing client social security and credit card numbers, such as tax forms, credit reports and application, can easily happen. Find this information, audit email and servers, and take the appropriate action to ensure client data is secure. Some content may need to be relocated and moved to an archive, encrypted or even purged from the network. Managing PII ensures compliance with corporate policies and controls liability associated with sensitive data.

– Manage and control liability hidden in PSTs: Email contains sensitive corporate data including communications of agreements, contracts, private business discussions and more. Many firms have email archives in place to monitor and protect this data, however, users can easily create their own mini-archive or PST of the content that is not managed by corporate. PSTs have caused great pain when involved in litigation as email that was thought to be no longer in existence suddenly appears in a hidden PST.

Deletion has to be Defensible, even for the IRS

The painful lesson learned when ignoring backup tapes as part of your defensible deletion and data governance policies

Lois Lerner’s emails are gone. We know this, but more than a server issue or hard drive crash, the backup tapes that archived the untampered with and complete records of those emails were destroyed.

Now, it could cost IRS Commissioner John Koskinen his job. 18 US Congressman are seeking impeachment against Koskinen on the grounds of his “failure to check Lerner’s cell phone and backup tapes that contained missing emails related to the scandal.”

According to a Wall Street Journal article, there are a few points that Koskinen is being accused of, all which could have been avoided with a proper data governance policy and documentation of the policy.

  1. “In February 2014 Congress instructed Koskinen to supply all emails related to Lerner… A few weeks after the subpoena, IRS employees in West Virginia erased 422 backup tapes, destroying up to 24,000 Lerner emails.”

Tapes need to be incorporated into governance policies. Had these tapes been part of a defensible deletion or information governance policy, they likely would have been managed properly and treated as records or defensibly deleted as a part of the normal IT process.

  1. “The second charge cites “a pattern of deception” and three “materially false” statements Koskinen has made to Congress, under oath, including his assurances that no Lerner emails had been lost. In fact Lerner’s hard drive had crashed and employees erased tapes.”

After disaster recovery, tapes can become a defacto archive. Once a tape is no longer useful for disaster recovery, it’s nothing more than a snapshot of data. Despite any legal claim stating otherwise, they serve no other purpose except for a defacto archive and should be treated as such. Financial burden and inaccessibility arguments are also becoming null and void.

  1. “A final charge accuses Koskinen of incompetence, noting how despite his insistence that his agency had gone to “great lengths” to retrieve lost Lerner emails, the IRS failed to search disaster backup tapes, a Lerner BlackBerry and laptop, the email server and its backup tapes. When the Treasury Inspector General did his own search, he found 1,000 new Lerner emails in 14 days.”

Data – email included – never dies (easily). When creating policy, it’s important to understand where the data goes: desktop, secondary hard drive, server, backup tapes, disk, archive. By understanding this and creating (and auditing) policy restricting portable devices, PSTs and other places data can go, an organization can more effectively create an enforceable policy and manage risk and liability.

Data, including what is archived on backup tapes, must be properly audited and managed. When data is deleted without an understanding of why, how and when, problems inherently arise, especially if this data is at the heart of high profile litigation. All data – especially data on backup tapes – should have a governance policy surrounding it to make it defensible and avoid the pitfalls of the IRS.

Webinar: 10 Reasons Tape Is a Lousy Archive

Join us Thursday October 8th at 1 pm ET/10 am PT for this educational webinar. Register Now

One of the most frequent misuses of backup tape is as an archive for sensitive user data.

Organizations don’t typically design tape as their archive, however, it inadvertently becomes one when old backup tapes are sent to offsite storage after cycling out of their disaster recovery usefulness.

Join us Thursday, October 8th for a 45-minute webinar to explore 10 Reasons Tape Isn’t a Good Archive and discover how to secure your data, mitigate risk and simplify tape restores in support of legal and compliance.

What could have happened to Hillary’s emails?

Judge Reggie Walton of the U.S. District Court for the D.C. Circuit is expected to hear arguments to order the State Department to question Hillary Clinton on the existence of emails on backup tape archives, The Hill Reported, but information management company Index Engines can explain exactly what this means and how it is done.

When Clinton implemented an email server to control and manage her correspondence, her team hired Platte River Networks to host this environment. This is a third-party organization that likely has procedures in place to protect data and ensure it can be restored in the case of a disaster such as a flood or fire by copying all email ever created onto backup tapes.

This standard “IT” process produces a snapshot of what actually happened and it is secure and tamper proof, and represents a factual record of the past and are much more reliable than the records stored on local servers and hard drives that can be accessed by many and easily spoiled.

In this case, the backup of the email server most likely occurred at an offsite location chosen by the hosting provider, Platte River Networks, and the data was placed on tapes that are typically preserved in offsite storage vaults. When the main server was shut down, the tapes could have been forgotten about.

Index Engines has software that can quickly scan backup tapes, index the contents of the email, and make it searchable and accessible without the use of any other third party software or infrastructure. Through this process keywords, time frames and file types can be quickly produced and extracted without corruption.

“Data never dies,” said Tim Williams, CEO of Index Engines. “All modern organizations have robust data protection processes that make copies of everything and archive it on backup media to ensure it can survive a disaster. In cases like this, those copies represent the factual truth. They can’t be changed after the fact.

“When an email is sent, it is copied and archived and preserved many times over. This is a disaster recovery feature standard in any data center. What Hillary Clinton probably didn’t know is that exact copies of what existed is archived in data center disaster recovery archives, or backup tapes, that allow for a rebuilding of an email server in case of a failure.”